diff --git a/README.md b/README.md index b016955..2f25579 100644 --- a/README.md +++ b/README.md @@ -237,15 +237,17 @@ In my opinion you should definitely drop all non-industry policies, articles, ma We have a lot of great GNU/Linux hardening policies to provide safer operating systems compatible with security protocols. For me, **CIS** and the **PCI-DSS** compliant are about the best actual prescriptive guides - but of course you can choose a different one. - > Most of all you should use [Security Benchmarks/Policies](#policy-compliance) which describe consensus best practices for the secure configuration of target systems because configuring your systems in compliance eliminate the most common security fails/bugs. For example, CIS has been shown to eliminate 80-95% of known security vulnerabilities. + > Most of all you should use [Security Benchmarks/Policies](#policy-compliance) which describe consensus best practices for the secure configuration of target systems. + +Configuring your systems in compliance eliminate the most common security fails/bugs. For example, CIS has been shown to eliminate 80-95% of known security vulnerabilities. On the other hand e.g. STIG itself is just a complicated (for newbies difficult to implement) check-list. In my opinion ideally, real world implementation is automated via something like OpenSCAP. - > You should use a rational approach, remember that more is not better. Each environment is different so security rules should all work in theory, but sometimes it not works as well. + > You should use a rational approach because more is not better. Each environment is different so security rules should all work in theory, but sometimes it not works as well. ### Which distribution should be used? -This guide is being written and tested on **Red Hat Enterprise Linux** and **CentOS Linux** distributions because: +This guide is being written and tested on **Red Hat Enterprise Linux 7** and **CentOS 7** distributions because: - they are a free (CentOS) and open source - they are enterprise-class @@ -253,7 +255,7 @@ This guide is being written and tested on **Red Hat Enterprise Linux** and **Cen - they have great community support - they are built on coherent snapshots of old packages -Both distributions provides **[certified tools](#scap-security-guide)** which can parse and evaluate each component of the SCAP standard. +Both distributions allow the use of **[certified tools](#scap-security-guide)** which can parse and evaluate each component of the SCAP standard. ### How to read this guide?